The Online Team and I had a great time at the PCI Community meeting last week, set in the spectacular environs of Vancouver BC. We ate and drank, pontificated, watched ferries and seaplanes come into the harbor (my inner 8-year old self couldn’t resist and I booked a flight out on one), and had a generally spectacular time networking with old and new friends in the payment security space.  While there were far too many interesting presentations and conversations to put into one place, I had a few takeaways that I felt were worth sharing. In no particular order:

You’ve. Been. Hacked.

Three words that no business owner wants to read while opening their daily email, yet it happens more and more every year.

We hear a lot about the pace of change and the increasingly sophisticated threats facing organizations today. You don’t have to look much further than the daily headlines to read about new ways of doing business, or the latest successful data breach. 

What’s becoming very clear is that Cybersecurity is not a sprint, but rather a marathon.
Each leg of the race presents new challenges and requires a commitment to diligence, risk management, and continuous program improvement. What we’ve done in the past is now proving to be insufficient and ineffective for the unpredictable terrain ahead. Different threat landscapes requires different solutions …and occasionally you need to stop, rest, and re-hydrate along the way.

Your personal health data is not only very private, but it is very valuable. Healthcare organizations across North America (and the world) are continually needing to invest in security programs that protect their patient information through physical security, technology, and managing human-led processes and workflows.

Although 2019 promises a new version of the Payment Card Industry Data Security Standard (PCI DSS) the current version 3.2.1 is the de facto standard for measuring security programs for all merchants and service providers that participate in commerce using credit or debit cards.

There are twelve major requirements in the PCI DSS, and considering the complexity of the material we have chosen to dedicate individual blogs to the different requirements. The focus of these blogs will be to provide tips and pointers, help provide clarity for “what’s new” and to enhance understanding so that your organization can achieve a sustainable security posture that easily satisfies the requirements of the PCI DSS.

2018 has been a year of rapid technology growth. We have seen changes to the security landscape, an increased adoption of AI and continued generational adjustments to our workforce.  As we look back over the last 12 months, we wanted to share some of our favorite blog posts from 2018 that touch on some or all of these topics: from risk and security assessment, to user experience, design thinking, business consulting, and everything in between. Happy reading!